Its a nightmare scenario: A hacker accesses e-mails in U.S. Securities and Exchange Commission computers and splashes them across the Internet, revealing an inquiry into a company that shakes investor confidence before the probe is complete.

Such an attack has never happened at the SEC, but computer experts say it could if the agency fails to tighten security.

The SEC, an investor protection agency that demands tight internal controls from the companies it oversees, was recently criticized by congressional investigators for not having its own house in order when it comes to cyber security.

The Government Accountability Office (GAO) said last month the SEC had failed to limit remote access to its servers establish controls over passwords, securely configure all network devices, and adopt security monitoring procedures.

A successful hacker could use nonpublic information to make trouble for a targeted company or rival.